Hi, I'm
Chris Stahly
I hack shit(and listen to space trash)
Reverse engineer and application security specialist with 20+ years breaking, protecting, and understanding software. OSCP certified. Purdue CS.
01. About me
A bit about me
I'm a reverse engineer and application security specialist. I spend my time understanding how software works at its lowest levels — then figuring out how to break it, protect it, or make it do something it wasn't supposed to.
Over two decades I've worked across the full spectrum of application security: binary analysis, cryptographic architecture, anti-tamper and anti-cheat systems, threat modeling, and security engineering at the director level. I take a consultative approach — understanding what's actually at risk before recommending how to protect it.
- ▸Reverse Engineering
- ▸Cryptography
- ▸Application Security
- ▸Threat Modeling
- ▸Binary Analysis
- ▸Anti-Tamper
- ▸Penetration Testing
- ▸OSCP
02. Work
Selected work
Mobile Application Protection
Designed and deployed anti-tamper and anti-reverse engineering protections for high-value mobile applications across fintech, healthcare, and gaming verticals. Binary instrumentation, runtime integrity verification, and cryptographic obfuscation — deployed across hundreds of millions of devices.
- Binary Analysis
- Anti-Tamper
- Cryptography
- iOS/Android
Medical Device Security Program
Built a security engineering program from scratch for a regulated medical device manufacturer — including threat modeling, vulnerability assessment, security code review, and a standardized penetration testing framework with executive-level metrics reporting.
- Threat Modeling
- Penetration Testing
- Risk Assessment
- SDLC
Game Anti-Cheat & DRM
Led professional services engagements applying anti-cheat and DRM protections to desktop and mobile games. Designed protection plans based on threat and risk data, covering anti-debugging, license enforcement, integrity checking, and obfuscation of high-value game assets.
- Anti-Cheat
- DRM
- Reverse Engineering
- Gaming
04. Scanner
P25 digital voice
Live APCO P25 Phase II decoding off a local HackRF. OP25 demods the digital voice, a Python web server handles talkgroup routing, audio archiving, and live streaming, with a web dashboard and iOS companion app on top.
- //Hardware — HackRF One · 8.8 cm V-dipole
- //Decoder — OP25 (GNU Radio-based P25 stack)
- //Server — Python — talkgroup routing, audio archive, live stream
- //Web app — Live activity feed at p25.sadbabyrabbit.com
- //iOS app — Native companion for browsing and playback
06. ADS-B
Aircraft, two stations, one map
Two ADS-B receivers — one in Destin, Florida, one in Indiana — decoding 1090 MHz Mode S off dump1090. Every marker is a live position one of my stations is hearing right now, merged onto a single map and colored by which receiver caught it. Arrowheads point along each aircraft's track.
▲ Destin 0·▲ Indiana 0·0 aircraft live
07. AIS
Marine traffic off the Gulf
A discone on the Florida coast pulls in AIS position reports from every ship and boat in VHF range. AIS-catcher demodulates both marine channels at once, plots the vessels on a live map, and forwards the traffic to the big aggregators — so the same receiver that feeds this map also feeds the ones everyone else uses.
- //Hardware — Nooelec NESDR SmarTee v5 · discone antenna
- //Decoder — AIS-catcher — dual channel, 161.975 / 162.025 MHz
- //Feeds — MarineTraffic · VesselFinder · aiscatcher.org
- //Site — Destin, FL — Gulf coast, solar-baked weatherproof box